Here are the first proposed extensions PIDK, allowing the derivation of shared keys through the hub from the user PIDs and ECID allowing for the use of elliptic curve cryptography to identify clients (including MITM avoidance when using SSL connections).